[sr-dev] [kamailio/kamailio] Kamailio not using SNI in incoming requests (#1938)

maheshb2487 notifications at github.com
Thu Dec 19 13:15:37 CET 2019


Hi,
   My Setup : client1 ->  kamailio server 1 ( IP : 10.211.160.172) ----> kamailio server 2( IP : 10.211.160.176) -> client2

   I have a scenario where kamailio server 1 has to initiate an outgoing tls connection to kamailio server 2, i have set the server_name and  server_id in the client profile in tls.cfg like below on kamailio server 1

[client:default]
verify_certificate = no
require_certificate = no
server_name = mahesh.client.com

[client:10.211.160.172:5061]
method = TLSv1+
verify_certificate = yes
require_certificate = yes
private_key = /root/mahesh_openssl/profile2/btip_172_server_private.key
certificate = /root/mahesh_openssl/profile2/btip_172_server_public.crt
ca_list = /root/mahesh_openssl/profile2/btip_ca_public.crt
cipher_list = RSA
verify_depth = 9
server_name = btip.176.com
server_id = btip.176.com

And in sar.cfg 

   $xavp(tls=>server_name)="btip.176.com";
    $xavp(tls=>server_id)="btip.176.com";
    $du = "sip:10.211.160.176:5061;transport=tls";
   ....
    t_relay();

What i observe is that , when client hello is sent by 10.211.160.172 to 10.211.160.176, i dont see Extension server_name being sent. Am i missing anything. Please help !

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1938#issuecomment-567465707
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20191219/629bdb4f/attachment.html>


More information about the sr-dev mailing list